VIR Vulnerability Intelligence Relay

Package impact

npm npm / vm2

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-44006 critical 10.0 10.0 15d ago vm2 has a Sandbox Escape Vulnerability npm
CVE-2026-44005 critical 10.0 10.0 15d ago vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape npm
CVE-2026-43997 critical 10.0 10.0 15d ago vm2 Access to Host Object Enables Sandbox Escape npm
CVE-2026-26332 critical 10.0 10.0 24d ago VM2 Has a Sandbox Escape Issue via SuppressedError npm
CVE-2026-43999 critical 9.9 9.9 15d ago vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape npm
CVE-2026-45411 critical 9.8 9.8 15d ago vm2 Has a Sandbox Breakout Using Async Generator npm
CVE-2026-44009 critical 9.8 9.8 15d ago vm2 has Sandbox Breakout Through Null Proto Exception npm
CVE-2026-44008 critical 9.8 9.8 15d ago vm2 has sandbox breakout via `neutralizeArraySpeciesBatch` npm
CVE-2026-26956 critical 9.8 9.8 24d ago VM2 Has a WASM Sandbox Escape (Node 25 only) npm
CVE-2026-24781 critical 9.8 9.8 24d ago VM2 Has Sandbox Breakout Through Inspect Function npm
CVE-2026-24120 critical 9.8 9.8 24d ago VM2 Has Sandbox Breakout Through Promise Species npm
CVE-2026-24118 critical 9.8 9.8 24d ago VM2 Sandbox Breakout Through __lookupGetter__ npm
CVE-2026-44007 critical 9.1 9.1 15d ago vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution npm
CVE-2026-44001 high 8.6 8.6 15d ago vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS) npm
CVE-2026-43998 high 8.5 8.5 15d ago vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox escape npm
CVE-2026-44004 high 7.5 7.5 15d ago vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion npm
CVE-2026-44000 high 7.2 7.2 15d ago vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary npm
CVE-2026-44003 medium 5.8 5.8 15d ago vm2's Transformer Fast-Path Bypass Exposes Internal State Variable npm
CVE-2026-44002 medium 5.8 5.8 15d ago vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak npm